The NSA told Microsoft about EternalBlue hack used in WannaCry – Report

Published18th, May 2017

The NSA reportedly warned Microsoft about the vulnerability in Windows it exploited with its EternalBlue hacking tool, according to the Washington Post[1] Its warning allowed Microsoft to fix the issue with a patch that was issued in March, weeks before The Shadow Brokers leaked EternalBlue online. However, commentators state that the NSA “got lucky”, as The Shadow Brokers appeared to have the exploit months before Microsoft was able to patch it.

The Shadow Brokers allegedly hacked the NSA’s Equation Group to steal EternalBlue, along with other tools, and tried to auction it. It published a collection of tools on 31 October, and a list of codenames for around 60 weapons in November. The group went quiet for a while before resurfacing on 8 April with a new update which it said was in response to President Trump’s order to bomb a Syrian airfield.

The Shadow Brokers released a cache of tools, including EternalBlue, which was then used in the WannaCry ransomware.

The Washington Post reported that NSA officials had discussed whether EternalBlue was dangerous enough for them to reveal it to Microsoft.

NSA officials defended how they handed the EternalBlue matter, arguing that the NSA must use such tools to gather foreign intelligence.